CN111294771A - In-vehicle device, system for implementing in-vehicle communication and related method - Google Patents


Publication number: CN111294771A
Authority: CN (China)
Prior art keywords: vehicle, encryption chip, key, check code, message
Legal status: Pending
Application number: CN201811504122.9A
Other languages: Chinese (zh)
Inventor: 田可丰
Current Assignee: Continental Automotive Corp Lianyungang Co Ltd
Original Assignee: Continental Automotive Corp Lianyungang Co Ltd
Application filed by: Continental Automotive Corp Lianyungang Co Ltd
Priority to: CN201811504122.9A
Publication of: CN111294771A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30: Services specially adapted for particular environments, situations or purposes
    • H04W4/40: Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/48: Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for in-vehicle communication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]

Abstract

The invention discloses an in-vehicle device whose ECU has an encryption chip. A key is stored in the encryption chip, in memory that is protected by hardware and cannot be accessed by software, and the encryption chip generates a check code from the key and a message to be processed, based on a symmetric encryption algorithm. A system for implementing in-vehicle communication and related methods are also disclosed. By equipping the in-vehicle device with an ECU that has an encryption chip, and using the encryption chip to store the key and perform the encryption process, messages transmitted between in-vehicle devices are protected by hardware encryption, which meets the security and communication-speed requirements of in-vehicle communication.

Description

In-vehicle device, system for implementing in-vehicle communication and related method
Technical Field
The invention relates to the field of automobiles, and in particular to an in-vehicle device, a system for implementing in-vehicle communication and a related method.
Background
At present, messages transmitted between the in-vehicle devices of a vehicle during in-vehicle communication are protected by software-based encryption. With software encryption, however, the encryption key is protected only by software: it is stored in a storage area that software can access and that is not protected by hardware. The key is therefore easily leaked, which in turn affects the functional safety of the whole vehicle. In addition, to meet the millisecond-level speed requirement of in-vehicle communication, the encryption algorithms used for software encryption are of low complexity and are easy to crack. If the encryption strength is high, software encryption consumes a large share of the performance of the in-vehicle device's ECU (Electronic Control Unit) and takes too much time, so the in-vehicle communication speed requirement cannot be met. A new in-vehicle communication method is therefore needed that satisfies both the security and the communication-speed requirements.
Disclosure of Invention
The object of the present invention is to provide an in-vehicle device and a system for implementing in-vehicle communication that satisfy the security and communication-speed requirements of in-vehicle communication.
An embodiment of the invention provides an in-vehicle device whose ECU has an encryption chip. A key is stored in the encryption chip, in memory that is protected by hardware and cannot be accessed by software, and the encryption chip generates a check code from the key and a message to be processed.
Optionally, the key is encrypted before it is written into the encryption chip through the encryption chip driver; the encrypted key is decrypted and verified inside the encryption chip, and the key is stored in the encryption chip if decryption and verification succeed.
An embodiment of the invention also discloses a system for implementing in-vehicle communication, comprising a sending-end in-vehicle device and a receiving-end in-vehicle device. Both are in-vehicle devices as disclosed in the embodiments of the invention, and the same key is stored in the encryption chips of both.
Optionally, the sending-end in-vehicle device is configured to:
generating a check code in an encryption chip of the sending end vehicle-mounted equipment according to the secret key and the message to be sent;
and sending the message and the check code to the receiving end vehicle-mounted equipment.
Optionally, the receiving-end in-vehicle device is configured to:
generating a check code in an encryption chip of the receiving end vehicle-mounted equipment according to the secret key and the received message;
and comparing the generated check code with the received check code, and if the comparison result is that the generated check code is the same as the received check code, executing the command corresponding to the message.
Optionally, the receiving-end in-vehicle device is configured to:
and if the comparison result is that the generated check code is different from the received check code, not executing the command corresponding to the message.
Optionally, the MAC value of the message is calculated in the encryption chips of the sending-end vehicle-mounted device and the receiving-end vehicle-mounted device based on the key and the message digest HASH, and the MAC value is used as a check code.
An embodiment of the invention also discloses a method for writing a key into the encryption chip of an in-vehicle device, the in-vehicle device being the in-vehicle device disclosed in the embodiments of the invention. The method comprises the following steps:
the vehicle manufacturer or the supplier of the encryption chip sends the encrypted key to the supplier of the ECU of the in-vehicle device;
the ECU supplier of the in-vehicle device writes the encrypted key into the encryption chip through the encryption chip driver.
The in-vehicle device, the system for implementing in-vehicle communication and the related method of the embodiments of the invention have at least the following advantages:
By equipping the in-vehicle device with an ECU that has an encryption chip, and using the encryption chip to store the key and perform the encryption process, messages transmitted between in-vehicle devices are protected by hardware encryption, which meets the security and communication-speed requirements of in-vehicle communication.
During in-vehicle communication, identity verification is carried out with the check code generated from the key stored in the encryption chip. This prevents illegal message sources from interfering with in-vehicle communication and improves its security.
When the key is written into the encryption chip, only the vehicle manufacturer or the supplier of the encryption chip knows the plaintext key. The ECU supplier of the in-vehicle device cannot obtain the plaintext key and receives only the encrypted key, so the key is not leaked while it is being written into the encryption chip.
Drawings
Fig. 1 illustrates a system for implementing in-vehicle communication according to an embodiment of the present invention.
Fig. 2 shows a system for implementing in-vehicle air conditioning control according to an embodiment of the present invention.
Fig. 3 shows a flow chart of a method for writing a key into an encryption chip of an in-vehicle device according to an embodiment of the invention.
Detailed Description
Embodiments of the present invention are described below with reference to the drawings. In the following description, numerous specific details are set forth in order to provide a thorough understanding of, and enabling description for, those skilled in the art. It will be apparent, however, to one skilled in the art that the present invention may be practiced without some of these specific details. Furthermore, it should be understood that the invention is not limited to the specific embodiments described. Rather, any combination of the features and elements described below is contemplated as carrying out the invention, whether or not they relate to different embodiments. Thus, the following aspects, features, embodiments and advantages are merely illustrative and are not considered elements or limitations of the claims except where explicitly recited in a claim.
A first embodiment of the invention discloses an in-vehicle device whose ECU has an encryption chip. The main idea of the invention is to move the work of encryption, decryption and key storage, currently done by software, into hardware (i.e. the encryption chip). The encryption chip provides the following functions:
1. The key can be stored in memory of the encryption chip that is protected by hardware and inaccessible to software. A plaintext key cannot be written directly into the encryption chip through the encryption chip driver. The key can be written into the encryption chip through the driver only after it has been encrypted; the encrypted key is then decrypted and verified inside the encryption chip, and if decryption and verification succeed, the key is stored in the encryption chip.
2. Encryption and decryption with a symmetric encryption algorithm are supported. In a symmetric encryption algorithm, the data originator encrypts a plaintext message with a key to produce a ciphertext and sends it out. After receiving the ciphertext, the receiver must decrypt it with the same key and the inverse of the same encryption algorithm to recover the readable plaintext message.
3. A check code is generated from the key, based on a symmetric encryption algorithm. Specifically, the chip supports using a MAC (Message Authentication Code) algorithm to calculate a MAC value of a message based on the key and the message digest HASH, and the MAC value is used as the check code. The security of the MAC algorithm therefore depends on the HASH function, which is why it is also called a keyed HASH function. The check code can be used to check the validity of the message source.
Because the processing capacity of the encryption chip is far higher than that of software, the performance consumed on the ECU of the in-vehicle device can be reduced while the complexity of the encryption algorithm is maintained, which meets the in-vehicle communication speed requirement. In addition, the key is stored in memory of the encryption chip that is protected by hardware and cannot be accessed by software, so the key cannot be attacked by software during in-vehicle communication, which meets the security requirement of in-vehicle communication.
A second embodiment of the present invention discloses a system for enabling in-vehicle communication. Referring to fig. 1, the system includes a transmitting-end in-vehicle device and a receiving-end in-vehicle device. The sending-end vehicle-mounted device and the receiving-end vehicle-mounted device both adopt the vehicle-mounted device provided in the first embodiment of the present invention, and the same secret key is stored in the encryption chips of the sending-end vehicle-mounted device and the receiving-end vehicle-mounted device.
As shown in fig. 1, during in-vehicle communication the sending-end in-vehicle device computes a MAC value (i.e., a check code) in its encryption chip with a MAC algorithm, from the key and the message to be sent, and sends the message and the MAC value together to the receiving-end in-vehicle device. After receiving the message and the MAC value, the receiving-end in-vehicle device computes a MAC value in its own encryption chip with the MAC algorithm, from the key and the received message, and compares the generated MAC value with the received MAC value. If the two are the same, the received message is considered to come from a legal message source and the command corresponding to the message is executed. If the generated MAC value differs from the received MAC value, the received message is considered to come from an illegal message source and the command corresponding to the message is not executed. A difference between the generated and the received MAC value may also mean that the received message is incomplete, and in that case too the command corresponding to the message is not executed. In short, whenever the generated MAC value differs from the received MAC value, the command corresponding to the received message is not executed.
Specifically, the MAC value of the message may be calculated with a MAC algorithm, based on the key and the message digest HASH, in the encryption chips of the sending-end and receiving-end in-vehicle devices. That is, the check code may be generated according to the following formula: check code = HASH algorithm(key, message).
In the system for realizing the in-vehicle communication, the identity verification between the vehicle-mounted devices in the in-vehicle communication process is realized by the check code generated by the secret key stored in the encryption chip, so that the interference of an illegal message source to the in-vehicle communication process is prevented, and the safety of the in-vehicle communication process is improved.
On the basis of the second embodiment of the invention, a third embodiment of the invention discloses a system for realizing the control of an air conditioner in a vehicle. Referring to fig. 2, a central control apparatus of a vehicle controls an in-vehicle air conditioner. In the process, the central control device is a sending end vehicle-mounted device, and the air conditioner is a receiving end vehicle-mounted device.
In the air conditioner control process, the central control device generates a check code in its encryption chip from the key and the message to be sent, and sends the message and the check code together to the air conditioner. After receiving the message and the check code, the air conditioner generates a check code in its own encryption chip from the key and the received message and compares the generated check code with the received check code. If the two are the same, the received message is considered to come from a legal control device and the command corresponding to the message is executed. If the generated check code differs from the received check code, the received message is considered to come from an illegal control device and the command corresponding to the message is not executed.
A fourth embodiment of the invention discloses a method for writing a key into the encryption chip of an in-vehicle device. As shown in fig. 3, the method comprises the following steps:
In step S301, the vehicle manufacturer or the supplier of the encryption chip sends the encrypted key to the supplier of the ECU of the in-vehicle device.
In step S302, the ECU supplier of the in-vehicle device writes the encrypted key into the encryption chip through the encryption chip driver. Specifically, while the key is being written, the encrypted key is decrypted and verified inside the encryption chip; if decryption and verification succeed, the key is stored in the encryption chip. If decryption and verification fail, the key is not stored.
When the key is written into the encryption chip, only the vehicle manufacturer or the supplier of the encryption chip knows the plaintext key. The ECU supplier of the in-vehicle device cannot obtain the plaintext key and receives only the encrypted key, so the key is not leaked while it is being written into the encryption chip.
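The key-writing steps S301 and S302 and the check-code exchange of the second and third embodiments, sketched end to end as an added Python example that is not part of the patent text. The chip is simulated in software; HMAC-SHA256 as the MAC, the pre-installed transport key (KEK) that lets the chip decrypt the written key, the HMAC-based wrapping that stands in for a real key-wrap algorithm, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import os

TAG_LEN = 32    # HMAC-SHA256 output length (assumed MAC; the patent names no algorithm)
NONCE_LEN = 16


def keystream(kek: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (HMAC-SHA256 in counter mode), a stand-in for a real key-wrap cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(kek, b"enc" + block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_key(kek: bytes, plaintext_key: bytes) -> bytes:
    """S301: run by the party that knows the plaintext key; output goes to the ECU supplier."""
    nonce = os.urandom(NONCE_LEN)
    stream = keystream(kek, nonce, len(plaintext_key))
    ct = bytes(a ^ b for a, b in zip(plaintext_key, stream))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


class SimulatedCryptoChip:
    """Software model of the encryption chip; callers only use provision/check_code/verify."""

    def __init__(self, kek: bytes):
        self._kek = kek      # assumption: transport key pre-installed in the chip
        self._key = None     # message key, set only by a successful provision()

    def provision(self, wrapped: bytes) -> bool:
        """S302: verify, then decrypt, inside the chip; store the key only on success."""
        if len(wrapped) <= NONCE_LEN + TAG_LEN:
            return False
        nonce, ct, tag = wrapped[:NONCE_LEN], wrapped[NONCE_LEN:-TAG_LEN], wrapped[-TAG_LEN:]
        expected = hmac.new(self._kek, b"mac" + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False     # verification failed: nothing is stored
        stream = keystream(self._kek, nonce, len(ct))
        self._key = bytes(a ^ b for a, b in zip(ct, stream))
        return True

    def check_code(self, message: bytes) -> bytes:
        if self._key is None:
            raise RuntimeError("chip has no key")
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def verify(self, message: bytes, received_code: bytes) -> bool:
        # Constant-time comparison of the generated and the received check code.
        return hmac.compare_digest(self.check_code(message), received_code)


def send(chip: SimulatedCryptoChip, message: bytes) -> bytes:
    """Sending end: transmit the message together with its check code."""
    return message + chip.check_code(message)


def receive(chip: SimulatedCryptoChip, frame: bytes):
    """Receiving end: return the message to execute, or None if it must not be executed."""
    if len(frame) < TAG_LEN:
        return None
    message, code = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return message if chip.verify(message, code) else None


def demo() -> dict:
    kek, vehicle_key = os.urandom(32), os.urandom(32)    # constructed sample keys
    blob = wrap_key(kek, vehicle_key)                    # all the ECU supplier ever sees
    central, aircon = SimulatedCryptoChip(kek), SimulatedCryptoChip(kek)
    provisioned = central.provision(blob) and aircon.provision(blob)
    frame = send(central, b"AC:SET_TEMP=22")             # constructed sample message
    altered = b"AC:SET_TEMP=30" + frame[-TAG_LEN:]       # changed message, old check code
    bad_blob = blob[:-1] + bytes([blob[-1] ^ 1])         # wrapped key damaged in transit
    return {
        "provisioned": provisioned,
        "accepted": receive(aircon, frame),
        "altered_accepted": receive(aircon, altered),
        "bad_blob_stored": SimulatedCryptoChip(kek).provision(bad_blob),
    }


if __name__ == "__main__":
    print(demo())
```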
Although the present invention has been described with reference to the preferred embodiments, it is not to be limited thereto. Various changes and modifications within the spirit and scope of the present invention will become apparent to those skilled in the art from this disclosure, and it is intended that the scope of the present invention be defined by the appended claims.

Claims (8)

1. An on-board device, characterized in that an ECU of the on-board device has an encryption chip in which a key is stored, the key being stored in a memory of the encryption chip that is protected by hardware and is inaccessible to software, the encryption chip being configured to generate a check code from the key and a message to be processed.
2. The vehicle-mounted device of claim 1, wherein the encrypted key is written into the encryption chip through an encryption chip driver, the encrypted key is decrypted and verified inside the encryption chip, and if the decryption and verification are successful, the key is stored in the encryption chip.
3. A system for implementing in-vehicle communication, characterized in that the system comprises a sending-end in-vehicle device and a receiving-end in-vehicle device, the sending-end in-vehicle device and the receiving-end in-vehicle device are the in-vehicle devices according to any one of claims 1-2, and the same secret key is stored in the encryption chips of the sending-end in-vehicle device and the receiving-end in-vehicle device.
4. The system of claim 3, wherein the transmitting end in-vehicle device is configured to:
generating a check code in an encryption chip of the sending end vehicle-mounted equipment according to the secret key and the message to be sent;
and sending the message and the check code to the receiving end vehicle-mounted equipment.
5. The system of claim 4, wherein the receiving end in-vehicle device is configured to:
generating a check code in an encryption chip of the receiving end vehicle-mounted equipment according to the secret key and the received message;
and comparing the generated check code with the received check code, and if the comparison result is that the generated check code is the same as the received check code, executing the command corresponding to the message.
6. The system of claim 5, wherein the receiving end in-vehicle device is configured to:
and if the comparison result is that the generated check code is different from the received check code, not executing the command corresponding to the message.
7. The system of claim 6, wherein a MAC value of the message is calculated in the encryption chips of the transmitting-end in-vehicle device and the receiving-end in-vehicle device based on the key and the message digest HASH, and the MAC value is used as a check code.
8. A method for writing a key into an encryption chip of an in-vehicle device, wherein the in-vehicle device is the in-vehicle device according to any one of claims 1-2, the method comprising:
the vehicle manufacturer or the supplier of the encryption chip sends the encrypted key to the supplier of the ECU of the vehicle-mounted equipment,
and the ECU supplier of the vehicle-mounted equipment writes the encrypted key into the encryption chip through the encryption chip driver.
CN201811504122.9A 2018-12-10 2018-12-10 In-vehicle device, system for implementing in-vehicle communication and related method Pending CN111294771A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811504122.9A CN111294771A (en) 2018-12-10 2018-12-10 In-vehicle device, system for implementing in-vehicle communication and related method


Publications (1)

Publication Number Publication Date
CN111294771A (en) 2020-06-16

Family

ID=71024078


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200616